tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-26 14:39:25 +02:00
Code Issues Projects Releases Wiki Activity

[SS-2018-020] Ensure that table names are escaped to prevent possible SQL injection

Browse Source
This commit is contained in:
Robbie Averill 2018-11-07 12:12:44 +02:00 committed by Aaron Carlino
parent 466e7cf142
commit 74698af402
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/ORM/DataObjectSchema.php
View File

@ -8,6 +8,7 @@ use LogicException;
use SilverStripe\Core\ClassInfo;
use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Config\Configurable;
use SilverStripe\Core\Convert;
use SilverStripe\Core\Injector\Injectable;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Dev\TestOnly;
@ -127,7 +128,7 @@ class DataObjectSchema
$tables = $this->getTableNames();
$class = ClassInfo::class_name($class);
if (isset($tables[$class])) {
return $tables[$class];
return Convert::raw2sql($tables[$class]);
}
return null;
}